CVE-2021-42838 Information

Description

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters thus unauthenticated attackers can inject JavaScript syntax remotely and further perform reflective XSS attacks.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://www.twcert.org.tw/tw/cp-132-5286-b92c8-1.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1